Tech Leaders Safeguard IT Infrastructure in Cities

February 11, 2019

This article appeared in the February 2019 issue of the Georgia's Cities newspaper.

A
different form of infrastructure is taking over head­lines, budget items and local government officials’ attention. Referred to as “IT Infrastructure” or the composite hardware, software, network resources and services required for the operation of an entity’s technology environment, municipalities have been diligently working to strengthen theirs and safeguard against cybercrimes.

Georgia’s Cities caught up with three IT leaders from across Georgia: East Point IT Director Farhad Islam, Albany Chief Information Officer Steven Carter and Brett Lavender, Macon-Bibb County chief information officer uncover technology trends and tips to improve cybersecurity.

How has technology improved your city’s physical infrastructure and operations?

Islam

FI: Over the last few years, in East Point we’ve invested in Advanced Metering Infrastructure (AMI), Su­pervisory Control and Data Acquisi­tion (SCADA), and Geographic In­formation System (GIS) to automate functionalities and increase visibility to critical services such as supplying water and power to our citizens and clients alike.

SC: Albany has undergone a digi­tal transformation that includes soft­ware such as Novus Agenda, Pow­erDMS, Laserfiche, Office 365 and SeamlessDocs to change the way in­formation is handled and where it is stored. We’ve implemented a cloud-computing strategy that can reduce cost by reducing required data center resources as well as free up staff for other projects. We’ve also invested in virtualization initiatives, which has provided a huge reduction in the amount of physical server infrastruc­ture required to run the business applications of the city. These improvements contributed to the consoli­dation of dozens of physical servers, reducing cool­ing requirements, power consumption and licensing costs all while improving performance.

What are some of the greatest cybersecurity dangers for cities?

Lavender

BL: I think the foremost cyberse­curity danger for cities is Malware. I encourage cities to research the Top 10 malware in December 2018 that were published by the Multi-State Information Sharing and Analysis Center (MS-ISAC). Another signifi­cant cybersecurity danger for cities is phishing (social engineering) at­tacks. Phishing attacks attempt to trick an employee into giving away sensitive data, account credentials, passwords and credit card numbers. The most common form of this attack comes as an email mimicking the identity of one of your vendors, IT administrators or someone who has a lot of authority in the city.

FI: Cybersecurity is an on-going concern, especial­ly for cities similar to us that host critical “high-value” infrastructures such as water and power systems. Cybersecurity threats are getting even more compli­cated because the attacks are now morphing into a volatile cocktail form where attackers are utilizing and combining Artificial Intelligence (AI) with social engineering to penetrate into an organization’s IT in­frastructure.

What best practices can cities implement to protect their IT Infrastructure?
BL: There are several best practices cities can im­plement to protect their IT Infrastructure including establish a Cyber Security Awareness Program, be­cause a trained employee is less likely to fall for phish­ing schemes than one who doesn’t know basic cyber­security protocols. A city can also establish citywide policies to include (but not limited to) acceptable use, password, mobile device use, vulnerability assess­ment and web filtering policies. I’d also recommend a city to become a Multi-State Information Sharing and Analysis Center (MS-ISAC) member for free and uti­lize many of their valuable services.

Carter

SC: Cities should invest in a multilayered security strategy that protects organization data and resources such as firewalls and antivirus. Cities should conduct security training as well as simulate attacks. Whether through malice or negligence, humans are the easiest target in any computer system. We mitigate that risk by both granting everyone the lowest level of access they need to do their jobs and by educating them on how to identify forms of malicious attempts to access our network. In addition to prevention, incident re­sponse and disaster recovery strategies must be in place to restore data in the event of data loss, corrup­tion or hardware failure.

What are some technology trends and/or tools that cities should look out for?
FI: City governments are focusing on Smart City solutions that will enhance quality of life and render efficient and effective services. Cities are beginning to utilize AI with the desire to deploy autonomous vehicles (AV) and unmanned aerial vehicles for trans­portation and public safety purposes. Cities are also envisioning technology as a means for economic de­velopment to develop areas with 5G and small cell connections to lure entrepreneurs to start up new technology ventures.

SC: Cities should be on the lookout for automation and big data. While some see these technologies as disruptive, they can be force multipliers. These tech­nologies can reduce manual processes and speed data collection. When paired with analytics software, these technologies can cut down on repetitive man­ual tasks and free staff up to make better data-driven decisions.

The Georgia Municipal Association recognizes the importance of ensuring our websites are accessible and is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and currently working to apply the relevant accessibility standards to this website. If you are having any accessibility related issues, such as difficulty reading or viewing this page, please contact the Communications Team, and we will work directly with you to find a solution.